Legal · v1 Draft

Privacy Policy.

EFFECTIVE DATE · TBD · PENDING LAWYER REVIEW

1. Who we are

EXIT CODE is a trading discipline tool operated by Kritsotakis Investments Pty Ltd (ACN 153 844 136) as trustee for the Kritsotakis Family Trust (ABN 45 984 876 899), an Australian discretionary trading trust registered in NSW. References to "we", "us", "our", or "EXIT CODE" mean Kritsotakis Investments Pty Ltd in its capacity as trustee for the Kritsotakis Family Trust.

We are not a broker. We do not execute trades. We do not provide financial advice. See our Terms of Service for the full description of what EXIT CODE does and does not do.

2. What information we collect

Information you provide directly

Email address. When you join the waitlist, register for an account, or purchase a product.
TradingView username. Required to grant access to invite-only Pine Script indicators (Pro Agent, Pro Bundle).
Payment information. Processed by Stripe — we never see or store your full card details.
Trade journal data. When you use the companion web interface, the gates you pass through, override classifications, and weekly audit data are stored against your account.

Information collected automatically

IP address, browser type, device type (for security and fraud prevention)
Pages viewed on exitcode.trade (anonymous analytics — Plausible / privacy-first only; we do not use Google Analytics)
Email open + click events (Beehiiv / ConvertKit)

Information we do NOT collect

Your real name (unless you give it to us voluntarily)
Your broker account credentials (Pro Agent does not connect to your broker — Phase 3 will, with your explicit OAuth consent)
Your actual trade outcomes ($PnL — you log gate decisions, not trade results)
Sensitive personal information (race, religion, health, etc.)

3. How we use your information

To deliver the product (grant TradingView access, send waitlist updates, process payments)
To improve the product (anonymous aggregate analytics on which gates fire most often, etc.)
To respond to support requests
To meet legal obligations (Australian Privacy Act 1988, GDPR for EU customers, CCPA for California customers)

4. Who we share your information with

We share data only with the third-party services we depend on to operate the business:

Stripe — payment processing
Beehiiv / ConvertKit — email delivery
Skool — community access (Construct tier — v2)
TradingView — script access management (we manually enter your TV username; TV does not receive your email)
Supabase / Vercel — application hosting and database (companion web interface)

We do not sell your data. We do not share it for marketing purposes.

5. Data retention

Account active: data is retained as long as your subscription is active.

Account cancelled: trade journal data is retained read-only for 30 days, then archived (not deleted — kept for your potential resubscription) for 12 months, then permanently deleted.

Email addresses are retained until you unsubscribe or request deletion.

6. Your rights

Access. Request a copy of your data.
Correction. Update inaccurate data.
Deletion. Request permanent deletion ("right to be forgotten").
Portability. Export your trade journal data in JSON format.
Objection. Opt out of any non-essential processing.

To exercise any of these rights, email privacy@exitcode.trade (forwarder TBD — currently routes to peter@kritsotakis.com.au).

7. Security

We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest). Payment data never touches our servers — Stripe handles all card processing. Account credentials are stored as bcrypt hashes.

We have no realistic way to be more secure than the underlying providers we use (Stripe, Supabase, Vercel). If you are concerned about a specific threat model, contact us before subscribing.

8. International transfers

If you are in the EU, UK, or California, your data may be transferred to and processed in Australia or the United States (via our US-based service providers). We rely on Standard Contractual Clauses (EU) and equivalent transfer mechanisms.

9. Children

EXIT CODE is not for users under 18. We do not knowingly collect data from children.

10. Changes to this policy

If we make material changes, we will email registered users with at least 30 days' notice before the change takes effect.

11. Contact

Privacy concerns: privacy@exitcode.trade
Australian Privacy Commissioner (if you wish to complain): oaic.gov.au